Score:0

Apache: how to configure multi-domain HTTPS redirection?


I have an Apache server running under AWS Elastic Beanstalk. I've got several different domains and I want all of them to end up at a specific domain name, over HTTPS.

The redirection from other domains, e.g. https://domain1.com to https://maindomain.com, returns an SSL certificate error.

In Apache, I have two virtual host configs, one for *:80 and one for *:443. Both are set for maindomain.com. They were created with certbot.

What would be the best practice to have this working for all the other domains? I guess I need to set up a VirtualHost per domain, but how should it be configured so that it works with redirections?

Obviously, the following sample doesn't work, as it returns an SSL error:

<IfModule mod_ssl.c>
<VirtualHost domain1.com:443>
        ServerName domain1.com
        RedirectPermanent / https://maindomain.com/
</VirtualHost>
</IfModule>

Here is the default VirtualHost *:80 config:

<VirtualHost *:80>
        #ServerName maindomain.com
        DocumentRoot /var/www/html
        <Directory /var/www/html>
                Options -Indexes +FollowSymLinks +MultiViews
                AllowOverride All
                Require all granted
        </Directory>
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =maindomain.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Here is the default VirtualHost *:443 config:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        #ServerName maindomain.com
        DocumentRoot /var/www/html
        <Directory /var/www/html>
                Options -Indexes +FollowSymLinks +MultiViews
                AllowOverride All
                Require all granted
        </Directory>
        ServerName maindomain.com

        SSLCertificateFile /etc/letsencrypt/live/maindomain.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/maindomain.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Your help will be very much appreciated. D

Score:0

Either you get a cert with multiple names in it to cover all domains or, looking at the domain scheme you mention, you will get a certificate error at some point.

Browsers theoretically look at SAN/CN to match the names found in there against the DNS name they are using to connect; if there is no match, you get a certificate error.

If other domains you were using were subdomains, you could at least have either a multiple name cert or a wildcard.

For example for domains:

whatever.example.com: you could use a wildcard like *.example.com, even including a SAN for example.com.

Also note that if you have one virtualhost with "example.com", requests for other names reaching your server will be dealt with by that same virtualhost, so you either have a certificate with multiple names that matches all cases, or you will have to create a scheme in which you can cover them all through different virtualhosts and certificates. It all depends on what you really want to cover.
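
The "different virtualhosts and certificates" option from the answer above, as an added example that is not part of the original posts. It assumes a certificate whose SAN list covers domain1.com and www.domain1.com has already been issued and sits under /etc/letsencrypt/live/domain1.com/ (an assumed path mirroring the maindomain.com layout in the question); the www alias is also an assumption.

```apache
# Added example, not the poster's configuration.
# Assumption: a certificate valid for domain1.com and www.domain1.com
# exists at the paths used below. Repeat both blocks per extra domain.

# Plain HTTP for the secondary name: redirect straight to the main site.
<VirtualHost *:80>
    ServerName domain1.com
    ServerAlias www.domain1.com
    Redirect permanent / https://maindomain.com/
</VirtualHost>

<IfModule mod_ssl.c>
# HTTPS for the secondary name. The TLS handshake finishes before Apache
# can send the redirect, so this vhost has to present a certificate that
# names domain1.com. Serving the maindomain.com certificate here is what
# produces the browser's name-mismatch error.
<VirtualHost *:443>
    ServerName domain1.com
    ServerAlias www.domain1.com

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/domain1.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain1.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    Redirect permanent / https://maindomain.com/
</VirtualHost>
</IfModule>
```

With the answer's other option, a single certificate listing every domain as a SAN, the two certificate directives in this vhost would point at that shared certificate instead.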
